This course is a comprehensive two-day training for anyone interested in the field of Security Operations or CyberOps. It is meant to give you the core knowledge you need to further your career in security. Topics covered include security concepts, security monitoring, host-based analysis, network intrusion analysis, and security policies and procedures. This training is for security and network professionals who want to develop a security infrastructure, recognize threats and vulnerabilities to networks, and mitigate security threats. It also gives you a perspective on what you might expect working in a Cyber Operations role in a Security Operations Center.
This course includes deep dives into key topic areas as well as hands-on labs that students can utilize to test out some of the Cyber Operations techniques discussed in the course. This is an interactive course where we spend time whiteboarding and discussing the concepts covered in the schedule as well as demos of controls and tools used in the industry today.
The timeframes are only estimates and may vary according to how the class is progressing.
DAY 1
Fundamental Security Operations Concepts (1 hour)
Common security and networking terms and topics
Vulnerability management concepts
Attack methodologies and defense techniques
Break (10 mins)
Visibility and Monitoring Fundamentals (50 mins)
Network visibility
Network monitoring
Demo: Network visibility and monitoring tools in SOC environment
Break (10 mins)
Secure your process (50 mins)
Security operations process implementation
Walkthrough: Process documentation resources
Cyber Operations methodologies (1 hour)
Security Operations Center (SOC) methodologies and metrics
Demo: Security Operations Center tools
DAY 2
Finding the blind spots (1.5 hours)
Network intrusion analysis concepts
Demo: Threat hunting tools
Protecting the endpoint (1.5 hours)
Endpoint security controls
Demo: Endpoint security tools
Break (10 mins)
Hands-on Lab intro (50 mins)
Introduction to Cyber Defense lab
Demo: Lab environment overview
The lab environment for this course is hosted on Cisco dCloud. You will be assigned a lab pod when the class starts. From there you will receive an email with a link to the lab environment. You can also log in directly at dcloud.cisco.com.
The lab guide can be downloaded from the resources section in the lab environment once you log in.
The lab pods are scheduled and assigned for one week. However, this can be extended at your request.
Please send an email to rontay at cisco.com